Default automation stitches

The following default automation stitches are included in FortiOS:

  • Compromised Host Quarantine
  • Incoming Webhook Quarantine
  • HA Failover
  • Network Down
  • Reboot
  • FortiAnalyzer Connection Down
  • License Expired Notification
  • Security Rating Notification

To view and edit the automation stitches in the GUI, go to Security Fabric > Automation.
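
As an added example that is not part of the FortiOS documentation: a default stitch can be present but disabled (the Compromised Host Quarantine stitch in the CLI configurations on this page has set status disable), so the following Python script audits a configuration backup for disabled stitches and for stitches that reference an undefined trigger or action. The function names and the sample text are constructed for this example, and it assumes that a stitch with no explicit set status line is enabled and that every quoted value fits on one line.

```python
import shlex
# Constructed sample (page's names; closing lines and the "Constructed" stitch are added).
SAMPLE = """config system automation-action
    edit "Quarantine on FortiSwitch + FortiAP"
    next
end
config system automation-trigger
    edit "Compromised Host - High"
    next
end
config system automation-stitch
    edit "Compromised Host Quarantine"
        set status disable
        set trigger "Compromised Host - High"
        config actions
            edit 1
                set action "Quarantine on FortiSwitch + FortiAP"
            next
        end
    next
    edit "Constructed Stitch"
        set trigger "Constructed Missing Trigger"
    next
end"""

def parse(text):
    """Return {section: {entry: {key: value, "actions": [names]}}}."""
    stack, tables = [], {}
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
            if len(stack) == 2:  # entry (or nested table) directly under a section
                tables.setdefault(stack[0], {})[stack[1]] = {"actions": []}
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(stack) == 2:
            tables[stack[0]][stack[1]][tok[1]] = " ".join(tok[2:])
        elif tok[:2] == ["set", "action"] and stack[2:3] == ["actions"]:
            tables[stack[0]][stack[1]]["actions"].append(tok[2])
    return tables

def audit_stitches(text, sec="system automation-"):
    """Return (stitch, problem) pairs: disabled stitches and undefined references."""
    t, out = parse(text), []
    for name, st in t.get(sec + "stitch", {}).items():
        refs = [("trigger", st.get("trigger"))] + [("action", a) for a in st["actions"]]
        if st.get("status") == "disable":
            out.append((name, "disabled"))
        out += [(name, "undefined " + k) for k, r in refs if r not in t.get(sec + k, {})]
    return out
```

Calling audit_stitches(SAMPLE) reports the Compromised Host Quarantine stitch as disabled and the constructed stitch as referencing an undefined trigger.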

CLI configurations

Compromised Host Quarantine

config system automation-action
    edit "Quarantine on FortiSwitch + FortiAP"
        set description "Default automation action configuration for quarantining a MAC address on FortiSwitches and FortiAPs."
        set action-type quarantine
    next
    edit "Quarantine FortiClient EMS Endpoint"
        set description "Default automation action configuration for quarantining a FortiClient EMS endpoint device."
        set action-type quarantine-forticlient
    next
end
config system automation-trigger
    edit "Compromised Host - High"
        set description "Default automation trigger configuration for when a high severity compromised host is detected."
    next
end
config system automation-stitch
    edit "Compromised Host Quarantine"
        set description "Default automation stitch to quarantine a high severity compromised host on FortiAPs, FortiSwitches, and FortiClient EMS."
        set status disable
        set trigger "Compromised Host - High"
        config actions
            edit 1
                set action "Quarantine on FortiSwitch + FortiAP"